Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets
2023-10-30 20:00

Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters.

The Register did not immediately receive a response to its questions, including whether the bugs have been exploited in the wild and when a patch will be issued.

All three flaws affect users of the NGINX ingress controller for Kubernetes, which uses NGINX as a reverse proxy and load balancer.

The first two, CVE-2023-5043 and CVE-2023-5044, are both due to improper input validation and can be exploited to inject arbitrary code, obtain high-level credentials and steal all secrets from the cluster. Both are rated "high" severity bugs, received CVSS ratings of 7.6 out of 10, and affect versions 1.9.0 and earlier.

If someone can create or update Ingress objects, they can exploit these bugs to obtain the ingress controller's Kubernetes API credentials, and then use that access to read every secret in the cluster.

"The fact that ingress controllers have access to TLS secrets and Kubernetes API by design makes them workloads with high privilege scope," Hirschberg wrote in a blog about the three bugs.
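The two preconditions the article describes are auditable today, before a patch lands: who is allowed to create or update Ingress objects, and whether any existing Ingress carries a controller annotation that does not look like what an operator would write. The script below is an added example, not code from The Register or the ingress-nginx project. It assumes input in the JSON shape printed by `kubectl get ingress -A -o json` and `kubectl get roles,clusterroles -A -o json`, uses constructed samples instead of a live cluster, and its "plain http(s) URL" rule for the permanent-redirect annotation is a heuristic of mine, not the project's own validator.

```python
"""Audit the two preconditions behind the ingress-nginx annotation bugs.

Added example (not the article's or the project's code). Input shape assumed:
the JSON that `kubectl get ingress -A -o json` and
`kubectl get roles,clusterroles -A -o json` print. Samples are constructed.
"""
import json
import re
from urllib.parse import urlsplit

# Annotation named in the CVE-2023-5044 entry; the prefix covers every
# annotation this controller turns into nginx.conf directives.
REDIRECT_ANNOTATION = "nginx.ingress.kubernetes.io/permanent-redirect"
ANNOTATION_PREFIX = "nginx.ingress.kubernetes.io/"

# Assumption (my heuristic): a legitimate redirect target is one absolute
# http(s) URL made only of RFC 3986 URL characters, so no whitespace or
# control characters can appear in it.
_URL_CHARS = re.compile(r"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+")


def is_plain_http_url(value: str) -> bool:
    """True when value looks like a single absolute http(s) URL."""
    if not _URL_CHARS.fullmatch(value):
        return False
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def audit_ingresses(ingress_list: dict) -> list:
    """Return (namespace/name, annotation, reason) for suspicious Ingresses."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        where = f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}"
        for key, value in (meta.get("annotations") or {}).items():
            if not key.startswith(ANNOTATION_PREFIX):
                continue
            if key == REDIRECT_ANNOTATION:
                if not is_plain_http_url(value):
                    findings.append((where, key, "redirect target is not a plain http(s) URL"))
            elif any(ord(ch) < 32 for ch in value):
                findings.append((where, key, "control characters in annotation value"))
    return findings


WRITE_VERBS = {"create", "update", "patch", "*"}
INGRESS_GROUPS = {"networking.k8s.io", "extensions", "*"}


def ingress_writers(role_list: dict) -> list:
    """Roles/ClusterRoles whose rules allow creating or changing Ingress objects."""
    writers = []
    for role in role_list.get("items", []):
        for rule in role.get("rules", []):
            if (INGRESS_GROUPS & set(rule.get("apiGroups", []))
                    and {"ingresses", "*"} & set(rule.get("resources", []))
                    and WRITE_VERBS & set(rule.get("verbs", []))):
                meta = role["metadata"]
                name = meta["name"]
                if meta.get("namespace"):
                    name = f"{meta['namespace']}/{name}"
                writers.append(f"{role['kind']} {name}")
                break  # one matching rule per role is enough
    return writers


# Constructed samples, not real cluster data. The third Ingress hides a
# newline inside an annotation value.
SAMPLE_INGRESSES = json.loads("""
{"items": [
 {"metadata": {"namespace": "shop", "name": "docs", "annotations": {
   "nginx.ingress.kubernetes.io/permanent-redirect": "https://docs.example.com/new-path"}}},
 {"metadata": {"namespace": "shop", "name": "legacy-redirect", "annotations": {
   "nginx.ingress.kubernetes.io/permanent-redirect": "not-a-url; extra text"}}},
 {"metadata": {"namespace": "api", "name": "rewrite", "annotations": {
   "nginx.ingress.kubernetes.io/rewrite-target": "/v2\\nbogus"}}}
]}
""")

SAMPLE_ROLES = {"items": [
    {"kind": "Role", "metadata": {"namespace": "shop", "name": "ingress-editor"},
     "rules": [{"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"],
                "verbs": ["get", "list", "create", "update", "patch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "view"},
     "rules": [{"apiGroups": ["networking.k8s.io"], "resources": ["ingresses"],
                "verbs": ["get", "list", "watch"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]}

if __name__ == "__main__":
    for where, key, reason in audit_ingresses(SAMPLE_INGRESSES):
        print(f"{where}: {key}: {reason}")
    print("roles able to create/update ingresses:", ingress_writers(SAMPLE_ROLES))
```

The role list only tells you which Roles and ClusterRoles grant ingress writes; mapping them to actual users and service accounts still requires walking the RoleBindings and ClusterRoleBindings, which is where the "who can create or update ingress objects" question from the article is finally answered.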


News URL

https://go.theregister.com/feed/www.theregister.com/2023/10/30/unpatched_nginx_ingress_controller_bugs/

Related Vulnerability

DATE        CVE            VULNERABILITY TITLE                                          RISK
2023-10-25  CVE-2023-5044  Code Injection vulnerability in Kubernetes Ingress-Nginx     network / low complexity / kubernetes / CWE-94 / 8.8
                           Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
2023-10-25  CVE-2023-5043  Injection vulnerability in Kubernetes Ingress-Nginx          network / low complexity / kubernetes / CWE-74 / 8.8
                           Ingress nginx annotation injection causes arbitrary command execution.

Related vendor

VENDOR      LAST 12M / #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Kubernetes  19                      5     45       34     8          92
Nginx       2                       0     3        1      4          8